Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

I just saw the first post about new vulnerabilities in the Oracle database on the bugtraq mailing list at Security Focus. The post was made about one hour ago by NGS. The post is titled "Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i" and discusses multiple bugs that have been found and fixed in the first of the new quarterly patch schedule fixes. They also have announced as they did with alert 68 that they will withold details of the actual bugs they have found until April 18 - 3 months later so that customers can get patched first. The post also suggests customers should go to Metalink for the patches.

As of now there are no announcments on Metalink or on OTN or on the Oracle security alerts page with respect to availability of the new patch set but there is a note on the Oracle alerts page to say that its scheduled to be released today.

PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database,
design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.